TRUST SYSTEM

US 20120254972A1
Filed: 04/04/2011
Published: 10/04/2012
Est. Priority Date: 04/04/2011
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented process for delegating access to private data, the computer-implemented process comprising:

receiving a request at a trusted server;

forwarding the received request to an untrusted third party application;

invoking a transaction on a secure data store;

tokenizing data received from the secure data store by the trusted server;

returning the tokenized data to the untrusted third party application;

modifying the tokenized data by the untrusted third party application;

requesting the trusted server to send results to a requester; and

sending the results from the trusted server to the requester for display.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An illustrative embodiment of a computer-implemented process for delegating access to private data receives a request at a trusted server, forwards the received request to an untrusted third party application and invokes a transaction on a secure data store. The computer-implemented process further tokenizes data received from the secure data store by the trusted server, returns the tokenized data to the untrusted third party application, modifies the tokenized data by the untrusted third party application, requests the trusted server to send results to a requester and sends the results from the trusted server to the requester for display.

Citations

20 Claims

1. A computer-implemented process for delegating access to private data, the computer-implemented process comprising:
- receiving a request at a trusted server;
  
  forwarding the received request to an untrusted third party application;
  
  invoking a transaction on a secure data store;
  
  tokenizing data received from the secure data store by the trusted server;
  
  returning the tokenized data to the untrusted third party application;
  
  modifying the tokenized data by the untrusted third party application;
  
  requesting the trusted server to send results to a requester; and
  
  sending the results from the trusted server to the requester for display.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented process of claim 1 wherein forwarding the received request to an untrusted third party application further comprises:
    - sending an identifier associated with a requester, wherein the identifier is known to the trusted server.
  - 3. The computer-implemented process of claim 1 wherein invoking a transaction on a secure data store further comprises:
    - using trusted application programming interfaces associated with the trusted server, wherein the trusted application programming interfaces function with tokenized data and prevent the untrusted third party application from accessing unsecure data.
  - 4. The computer-implemented process of claim 1 wherein tokenizing data received from the secure data store by the trusted server further comprises:
    - providing an opaque handle representative of the secure data.
  - 5. The computer-implemented process of claim 1 wherein modifying the tokenized data further comprises:
    - determining whether to modify the tokenized data using trusted application programming interfaces; and
      
      responsive to a determination not to modify the tokenized data, determining whether more requests exist for the untrusted third party application.
  - 6. The computer-implemented process of claim 1 wherein requesting the trusted server to send results to a requester further comprises:
    - determining whether more requests exist for the untrusted third party application; and
      
      responsive to a determination more requests exist, forwarding the received request to the untrusted third party application.
  - 7. The computer-implemented process of claim 1 wherein sending the results from the trusted server to the requester for display further comprises:
    - including formatting information provided by the untrusted third party application;
      
      replacing the tokenized data with corresponding unsecure data; and
      
      combining the corresponding unsecure data with the formatting information.

8. A computer program product for delegating access to private data, the computer program product comprising:
- a computer recordable-type media containing computer executable program code stored thereon, the computer executable program code comprising;
  
  computer executable program code for receiving a request at a trusted server;
  
  computer executable program code for forwarding the received request to an untrusted third party application;
  
  computer executable program code for invoking a transaction on a secure data store;
  
  computer executable program code for tokenizing data received from the secure data store by the trusted server;
  
  computer executable program code for returning the tokenized data to the untrusted third party application;
  
  computer executable program code for modifying the tokenized data by the untrusted third party application;
  
  computer executable program code for requesting the trusted server to send results to a requester; and
  
  computer executable program code for sending the results from the trusted server to the requester for display.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8 wherein computer executable program code for forwarding the received request to an untrusted third party application further comprises:
    - computer executable program code for sending an identifier associated with a requester, wherein the identifier is known to the trusted server.
  - 10. The computer program product of claim 8 wherein computer executable program code for invoking a transaction on a secure data store further comprises:
    - computer executable program code for using trusted application programming interfaces associated with the trusted server, wherein the trusted application programming interfaces function with tokenized data and prevent the untrusted third party application from accessing unsecure data.
  - 11. The computer program product of claim 8 wherein computer executable program code for tokenizing data received from the secure data store by the trusted server further comprises:
    - computer executable program code for providing an opaque handle representative of the secure data.
  - 12. The computer program product of claim 8 wherein computer executable program code for modifying the tokenized data further comprises:
    - computer executable program code for determining whether to modify the tokenized data using trusted application programming interfaces; and
      
      computer executable program code responsive to a determination not to modify the tokenized data, for determining whether more requests exist for the untrusted third party application.
  - 13. The computer program product of claim 8 wherein computer executable program code for requesting the trusted server to send results to a requester further comprises:
    - computer executable program code for determining whether more requests exist for the untrusted third party application; and
      
      computer executable program code responsive to a determination more requests exist, for forwarding the received request to the untrusted third party application.
  - 14. The computer program product of claim 8 wherein computer executable program code for sending the results from the trusted server to the requester for display further comprises:
    - computer executable program code for including formatting information provided by the untrusted third party application;
      
      computer executable program code for replacing the tokenized data with corresponding unsecure data; and
      
      computer executable program code for combining the corresponding unsecure data with the formatting information.

15. An apparatus for delegating access to private data, the apparatus comprising:
- a communications fabric;
  
  a memory connected to the communications fabric, wherein the memory contains computer executable program code;
  
  a communications unit connected to the communications fabric;
  
  an input/output unit connected to the communications fabric;
  
  a display connected to the communications fabric; and
  
  a processor unit connected to the communications fabric, wherein the processor unit executes the computer executable program code to direct the apparatus to;
  
  receive a request at a trusted server;
  
  forward the received request to an untrusted third party application;
  
  invoke a transaction on a secure data store;
  
  tokenize data received from the secure data store by the trusted server;
  
  return the tokenized data to the untrusted third party application;
  
  modify the tokenized data by the untrusted third party application;
  
  request the trusted server to send results to a requester; and
  
  send the results from the trusted server to the requester for display.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15 wherein the processor unit executes the computer executable program code to forward the received request to an untrusted third party application further directs the apparatus to:
    - send an identifier associated with a requester, wherein the identifier is known to the trusted server.
  - 17. The apparatus of claim 15 wherein the processor unit executes the computer executable program code to invoke a transaction on a secure data store further directs the apparatus to:
    - use trusted application programming interfaces associated with the trusted server, wherein the trusted application programming interfaces function with tokenized data and prevent the untrusted third party application from accessing unsecure data.
  - 18. The apparatus of claim 15 wherein the processor unit executes the computer executable program code to tokenize data received from the secure data store by the trusted server further directs the apparatus to:
    - provide an opaque handle representative of the secure data.
  - 19. The apparatus of claim 15 wherein the processor unit executes the computer executable program code to modify the tokenized data further directs the apparatus to:
    - determine whether to modify the tokenized data using trusted application programming interfaces; and
      
      responsive to a determination not to modify the tokenized data, determine whether more requests exist for the untrusted third party application.
  - 20. The apparatus of claim 15 wherein the processor unit executes the computer executable program code to send the results from the trusted server to the requester for display further directs the apparatus to:
    - include formatting information provided by the untrusted third party application;
      
      replace the tokenized data with corresponding unsecure data; and
      
      combine the corresponding unsecure data with the formatting information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Fulton, Mike S.

Application Number

US13/079,211
Publication Number

US 20120254972A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

TRUST SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRUST SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links